BaseStableTop 25 #3
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Category: injection
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Common consequences· 5
- Confidentiality / Integrity / Availability — Execute Unauthorized Code or CommandsAdversaries could execute system commands, typically by changing the SQL statement to redirect output to a file that can then be executed.
- Confidentiality — Read Application DataSince SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities.
- Authentication — Gain Privileges or Assume Identity, Bypass Protection MechanismIf poor SQL commands are used to check user names and passwords or perform other kinds of authentication, it may be possible to connect to the product as another user with no previous knowledge of the password.
- Access Control — Bypass Protection MechanismIf authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability.
- Integrity — Modify Application DataJust as it may be possible to read sensitive information, it is also possible to modify or even delete this information with a SQL injection attack.
Potential mitigations· 5
- [Architecture and Design]
- [Architecture and Design]
- [Architecture and Design, Operation]
- [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- [Implementation]
Related CAPEC attack patterns· 6
References
Exploits (incoming)5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Blind SQL Injectioncapec-7 | 100% | live |
| AttackPattern | SQL Injectioncapec-66 | 100% | live |
| AttackPattern | Command Line Execution through SQL Injectioncapec-108 | 100% | live |
| AttackPattern | Object Relational Mapping Injectioncapec-109 | 100% | live |
| AttackPattern | Expanding Control over the Operating System from the Databasecapec-470 | 100% | live |
Compliance frameworks addressing this (incoming)13
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27001-a.8.28 | 100% | live |
| ComplianceControl | cis_v8-16 | 100% | live |
| ComplianceControl | ai_act-art72 | 100% | live |
| ComplianceControl | owasp_top10-a03 | 100% | live |
| ComplianceControl | tiber_eu-preparation | 100% | live |
| ComplianceControl | pci_dss_v4-r11 | 100% | live |
| ComplianceControl | cis_v8-18 | 100% | live |
| ComplianceControl | iso27001-a.8.8 | 100% | live |
| ComplianceControl | gdpr-art5 | 100% | live |
| ComplianceControl | iso27001-a.8.25 | 100% | live |
| ComplianceControl | iso27001-a.8.26 | 100% | live |
| ComplianceControl | pci_dss_v4-r6 | 100% | live |
| ComplianceControl | iso27001-a.8.29 | 100% | live |
(incoming)132
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0063cve-2025-0063 | 0% | live |
| Vulnerability | CVE-2025-0103cve-2025-0103 | 0% | live |
| Vulnerability | CVE-2025-0165cve-2025-0165 | 0% | live |
| Vulnerability | CVE-2025-0203cve-2025-0203 | 0% | live |
| Vulnerability | CVE-2025-0204cve-2025-0204 | 0% | live |
| Vulnerability | CVE-2025-0205cve-2025-0205 | 0% | live |
| Vulnerability | CVE-2025-0207cve-2025-0207 | 0% | live |
| Vulnerability | CVE-2025-0208cve-2025-0208 | 0% | live |
| Vulnerability | CVE-2025-0210cve-2025-0210 | 0% | live |
| Vulnerability | CVE-2025-0212cve-2025-0212 | 0% | live |
| Vulnerability | CVE-2025-0229cve-2025-0229 | 0% | live |
| Vulnerability | CVE-2025-0230cve-2025-0230 | 0% | live |
| Vulnerability | CVE-2025-0231cve-2025-0231 | 0% | live |
| Vulnerability | CVE-2025-0232cve-2025-0232 | 0% | live |
| Vulnerability | CVE-2025-0233cve-2025-0233 | 0% | live |
| Vulnerability | CVE-2025-0294cve-2025-0294 | 0% | live |
| Vulnerability | CVE-2025-0296cve-2025-0296 | 0% | live |
| Vulnerability | CVE-2025-0298cve-2025-0298 | 0% | live |
| Vulnerability | CVE-2025-0299cve-2025-0299 | 0% | live |
| Vulnerability | CVE-2025-0300cve-2025-0300 | 0% | live |
| Vulnerability | CVE-2025-0333cve-2025-0333 | 0% | live |
| Vulnerability | CVE-2025-0334cve-2025-0334 | 0% | live |
| Vulnerability | CVE-2025-0336cve-2025-0336 | 0% | live |
| Vulnerability | CVE-2025-0340cve-2025-0340 | 0% | live |
| Vulnerability | CVE-2025-0344cve-2025-0344 | 0% | live |
| Vulnerability | CVE-2025-0345cve-2025-0345 | 0% | live |
| Vulnerability | CVE-2025-0347cve-2025-0347 | 0% | live |
| Vulnerability | CVE-2025-0391cve-2025-0391 | 0% | live |
| Vulnerability | CVE-2025-0392cve-2025-0392 | 0% | live |
| Vulnerability | CVE-2025-0405cve-2025-0405 | 0% | live |
Showing top 30 of 132 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.